Admins in charge of Cisco wi-fi kit have been caught by a certificate that expired on December 4, leading to software installation failures.
Cisco’s field notice said the issue affects “all lightweight IOS Access Points, including 700/800/1700/2700/3700/1552/1572/IW3700 Access Points”.
The expired certificate means the access point is unable to validate the Cisco-supplied software image.
Admins will experience the problem upgrading or downgrading their software, either from 9800 or AirOS Wireless LAN Controller (WLC). Trying to validate the image, the OS gets stuck in an image download loop and fails to join the WLC.
The field notice states that “after December 4, 2022, when an AP downloads code due to software upgrade/downgrade or due to moving between WLCs running different versions, the AP will fail to validate the image and will remain in a download image loop indefinitely.
“The problem is seen for all AireOS and IOS-XE versions.”
To overcome the problem, admins will have to get their hands dirty: first, they have to disable NTP, then set the access point’s date to before December 4, wait for the AP to come up with a new image, and re-enable NTP.
The defect impacts more than 150 individual software releases.
Certificate management has become a growing burden on vendors and customers.
Earlier this year, the decommissioning of the QuoVadis certificated authority impacted a large number of Cisco products and services, some of which had to be replaced because they were already out of service.
.png&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
